As a part of our crypto market research, we collected information on more than 8000 ICO/STO/EIO and blockchain projects. We conducted security assessments of the top 100 ICO project websites as well as the top 50 cryptocurrency exchanges and crypto markets. The results are very alarming:
- Over 36% of such websites have high-level risk vulnerabilities;
- 74% have medium-level risk vulnerabilities;
- ALL of the websites we assessed have low-level risk vulnerabilities.
A high-level risk vulnerability means that the website can be exploited by a qualified malicious actor. Due to the sensitivity of our research results, which can affect the current financial status of the affected startups, we prefer to NOT disclose the company names and results to the public. We have contacted the website owners with a mitigation plan and recommendations to fix the vulnerabilities.
CRYPTOSEC’s ICO security audit allows you to assess whether the ICO/STO/EIO project complies with the most current information security best practices. We are sure that an information security audit plays a key role in preparing and enhancing a promising and unique project for its ICO. The audit checks for the existence of effective policies and procedures in the area of information security, and ensures compliance through the ICO project's implementation of them.
Risks during an ICO/STO/EIO are possible at all stages of the project:
- At the stage of preparation of the whitepaper and the project site – theft of content, ideas, and the creation of a malicious website.
- At the level of interaction with the Internet community – hacking of accounts and the interception of communication channels, such as Slack, Telegram, blogs, and social networks.
- At the announcement stage of the ICO – compromised fundraising wallets, account seizure, unauthorized CMS access, etc.
- At the time of the launch of the ICO – domain and hosting capture, replacement of wallet addresses, DDoS attacks on Internet resources.
- At the fundraising stage and in the course of the project itself – theft of funds using vulnerabilities in crypto wallets and smart contracts.
The above list identifies the most common threats that may arise during an ICO/STO/EIO and which can cause irreparable damage to both the project itself and its team, including financial and reputational risks. Publishing our ICO/STO/EIO security audit results on your website allows you to gain the trust of your partners and investors.
Following your acceptance of our information security audit agreement and the Scope of Work (SoW) statement, we will provide the following services:
- Audit the policies and procedures of the company’s information systems infrastructure.
- Audit the policies and procedures of the online project space.
- Penetration testing, during which our Red Team can provide a realistic simulation of cyber intrusions, with both black box and white box tests available.
- Source code analysis of products developed in-house.
- Based on the results of our security audit, a report will be generated describing the current situation as well as exhaustive recommendations on the procedure for fixing all vulnerabilities and misconfigurations.
- After a period of time agreed in advance, we will conduct a control check audit of your project to verify whether the recommendations provided in the report have been implemented.
- If the control check completes successfully, the ICO project will be assigned the status of CRYPTOSEC AAA and a security certificate will be issued.